[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Jonathan Schleifer js-xmpp-security at webkeks.org
Mon Aug 25 04:54:49 CDT 2008


On 25.08.2008 at 11:48, Dirk Meyer wrote:

> The other idea is to use disco#items .... while wanting to write down
> an example I noticed that this would be a very bad hack. We could also
> create our own query in the urn:xmpp:tmp:tlsauth namespace:
>
> <iq type='get'
>    from='juliet@capulet.com/balcony'
>    to='balconyscene@plays.shakespeare.lit'
>    id='info'>
>  <query xmlns='urn:xmpp:tmp:tlsauth'/>
> </iq>
>
> <iq type='result'
>    from='balconyscene@plays.shakespeare.lit'
>    to='juliet@capulet.com/balcony'
>    id='info'>
>  <query xmlns='urn:xmpp:tmp:tlsauth'>
>    <x509 fingerprint='certificate-fingerprint'/>
>    <openpgp fingerprint='openpgp-fingerprint'/>
>    <srp/>
>  </query>
> </iq>

We should have it in items IMO, so we can easily check and
autonegotiate.
We could just have entries there for every verification mechanism we
support. Like urn:xmpp:c2ctls, urn:xmpp:c2ctls:x509,
urn:xmpp:c2ctls:sas etc.

--
Jonathan
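
The autonegotiation step discussed in this thread, as an added example that is not part of the original messages or of any XMPP specification: it parses the result stanza from the quoted proposal and picks the first locally preferred mechanism the peer advertises. The function names, the preference list and the request-matching check are assumptions; the sample stanza is constructed from the quoted one and omits the jabber:client stream namespace.

```python
import xml.etree.ElementTree as ET

NS = "urn:xmpp:tmp:tlsauth"  # temporary namespace from the quoted proposal

# Constructed sample: the result stanza from the quoted message, placeholders kept.
SAMPLE_RESULT = """
<iq type='result'
    from='balconyscene@plays.shakespeare.lit'
    to='juliet@capulet.com/balcony'
    id='info'>
  <query xmlns='urn:xmpp:tmp:tlsauth'>
    <x509 fingerprint='certificate-fingerprint'/>
    <openpgp fingerprint='openpgp-fingerprint'/>
    <srp/>
  </query>
</iq>
"""

def parse_offer(stanza, expected_from, expected_id):
    """Return {mechanism: fingerprint or None} advertised by the peer."""
    iq = ET.fromstring(stanza)
    if iq.tag != "iq" or iq.get("type") != "result":
        raise ValueError("not an iq result")
    # Ignore replies that do not match the request we sent (assumed check).
    if iq.get("from") != expected_from or iq.get("id") != expected_id:
        raise ValueError("reply does not match the request")
    query = iq.find(f"{{{NS}}}query")
    if query is None:
        raise ValueError("no tlsauth query element")
    offer = {}
    for child in query:
        ns, _, name = child.tag[1:].partition("}")
        if ns == NS:  # skip elements from foreign namespaces
            offer[name] = child.get("fingerprint")
    return offer

def negotiate(local_preference, offer):
    """Pick the first locally preferred mechanism the peer also offers."""
    for mech in local_preference:
        if mech in offer:
            return mech, offer[mech]
    return None  # no common mechanism; the caller decides how to fail

if __name__ == "__main__":
    peer = parse_offer(SAMPLE_RESULT, "balconyscene@plays.shakespeare.lit", "info")
    print(negotiate(["x509", "openpgp", "srp"], peer))
```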
